RealPlayer InternetShortcut URL property buffer overflow

Added: 01/07/2013
CVE: CVE-2012-5691
BID: 56956
OSVDB: 88486

Background

RealPlayer is a media player application which can play back various multimedia file formats.

Problem

A buffer overflow vulnerability in the GetPrivateProfileString function allows command execution when a user opens a RealMedia file containing a specially crafted URL property in the InternetShortcut section.
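The defensive counterpart to this bug class, as an added example (not RealPlayer's code and not part of the advisory): a parser that reads the URL property of an [InternetShortcut] section and checks the value's length against the destination buffer before any copy. The function name, return codes and sample file are assumptions constructed for illustration, and a portable parser stands in for the Windows GetPrivateProfileString call.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

enum { URL_OK = 0, URL_NOT_FOUND = -1, URL_TOO_LONG = -2 };
/* Constructed sample input, not taken from any real file. */
const char SAMPLE_SHORTCUT[] = "[InternetShortcut]\r\nURL=http://example.com/clip.rm\r\n";

/* Case-insensitive test that the n bytes at s start with the literal lit. */
static int has_prefix(const char *s, size_t n, const char *lit) {
    size_t k = strlen(lit);
    if (n < k) return 0;
    for (size_t i = 0; i < k; i++)
        if (tolower((unsigned char)s[i]) != tolower((unsigned char)lit[i])) return 0;
    return 1;
}

/* Copy the URL value of the [InternetShortcut] section into out.
 * The value is measured before any copy; one that does not fit in
 * out_size (terminator included) is rejected, never truncated or copied. */
int get_shortcut_url(const char *data, size_t len, char *out, size_t out_size) {
    int in_section = 0;
    size_t pos = 0;
    if (out_size == 0) return URL_TOO_LONG;
    out[0] = '\0';
    while (pos < len) {
        const char *line = data + pos;
        const char *nl = memchr(line, '\n', len - pos);
        size_t n = nl ? (size_t)(nl - line) : len - pos;
        pos += n + 1;                                   /* step past the newline */
        if (n > 0 && line[n - 1] == '\r') n--;          /* CRLF files */
        while (n > 0 && (*line == ' ' || *line == '\t')) { line++; n--; }
        if (n > 0 && *line == '[') {
            in_section = has_prefix(line, n, "[InternetShortcut]");
            continue;
        }
        if (!in_section || !has_prefix(line, n, "URL")) continue;
        line += 3; n -= 3;
        while (n > 0 && (*line == ' ' || *line == '\t')) { line++; n--; }
        if (n == 0 || *line != '=') continue;           /* a different key, e.g. "URLX" */
        line++; n--;
        if (n >= out_size) return URL_TOO_LONG;         /* length check comes first */
        memcpy(out, line, n);
        out[n] = '\0';
        return URL_OK;
    }
    return URL_NOT_FOUND;
}
```

The caller treats URL_TOO_LONG as a malformed file and stops processing it, rather than retrying with a larger size argument than the buffer it actually owns.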

Resolution

Upgrade to RealPlayer 16.0.0.282 or higher.

References

http://service.real.com/realplayer/security/12142012_player/en/

Limitations

Exploit works on RealPlayer 15.0.6.14 on Windows XP SP3 English (DEP OptIn) and requires a user to download the exploit file and drag it into RealPlayer.

Platforms

Windows
